Simulating DDoS Attacks

February 27, 2009 by Dustin D. Trammell

Todd Manning and I have a new whitepaper available over at BreakingPoint on simulating Distributed Denial-of-Service (DDoS) attacks using the BreakingPoint product.  You can read more about the paper in my BreakingPoint blog post, or just grab the paper here.  If you’re a BreakingPoint customer, you’ll want the bundled version which comes with test cases and other supporting materials.

Review: The IDA Pro Book

February 12, 2009 by Dustin D. Trammell

When a book is so well-received by your peers as The IDA Pro Book has been, even if reverse engineering isn’t a huge part of what you do every day, you pretty much have to give it a read.  The creator of IDA Pro, Ilfak Guilfanov, even recommends it himself for a number of reasons, calling it “the most thorough and accurate IDA Pro book.”  Even though I don’t do a whole lot of reversing, I do use IDA on occasion, so I thought it in my best interests to read this book.  Authored by Chris Eagle, a co-author of one of my favorite security books, Gray Hat Hacking, I had fairly high expectations.  I was not disappointed.

Read the rest of this entry »

When Magic Lost It’s Magic

January 7, 2009 by Dustin D. Trammell

Most that know me know that I’m an avid gamer.  I play video games, board games, card games, puzzles, pretty much anything I can get my hands on.  Because I like puzzles and strategy games, I’ve regularly been asked what I think the most strategic game I’ve ever played is, and I’ve gotten more than the occasional odd look when I don’t respond with “Chess” or “Go”, but with “Magic: The Gathering“.

Read the rest of this entry »

MD5? Really?

January 7, 2009 by Dustin D. Trammell

First let me say that this article is not meant to diminish the work that Alexander Sotirov et. all have been doing for the past 6 months.  It’s good work, has brought about some awesome results, and has demonstrated what was once a theoretical attack on PKI certificates based on MD5 hash collisions.  What I’m amazed at is that it had the impact that it actually did.

Read the rest of this entry »

The Folly of a Scheduled Patch Release Cycle

December 11, 2008 by Dustin D. Trammell

A number of years ago, Microsoft led the charge by moving away from a dynamic patch release schedule to a monthly patch release schedule, essentially creating an imposed monthly patch cycle for their customers.  Since then, many other vendors have followed suit.  There are opinions and arguments supporting both a release schedule philosophy as well as a release upon completion philosophy, and today I’m going to outline where I stand on the issue.

Read the rest of this entry »

The Problem With the Liberty Dollar

December 7, 2008 by Dustin D. Trammell

I’m not going to talk about their underlying quest to end the Federal Reserve (with which I wholeheartedly agree), or about their multi-site raid by the FBI last year where all of their current inventory and all of the metals backing the Liberty Dollar warehouse receipts (paper currency) were confiscated.  No, I’m not going to talk about any of their politics or their legal troubles; what I am going to talk about is their currency model.

Read the rest of this entry »

How NOT to Write a Protocol Specification

November 17, 2008 by Dustin D. Trammell

For the last week or so, I’ve been tasked with implementing Application Simulators in the BreakingPoint product for the OWAMP and TWAMP protocols, RFC 4656 and RFC 5357, respectively.  These are honestly two of the most poorly written protocol specifications that I’ve ever read.  Luckily, they’re rather short.  Not only are many parts vague and ambiguous, but some parts read like a stream-of-consciousness dump directly to a text editor.

Read the rest of this entry »

What, no ToorCon???

September 30, 2008 by Dustin D. Trammell

So apparently quite a few people have come to expect and enjoy my summaries of conferences I’ve attended, because I’ve already gotten a number of inquiries as to why I haven’t yet posted about this last weekend’s ToorCon.  In short, it’s because I wasn’t there!

Read the rest of this entry »